RADIUSdesk

Differences

This shows you the differences between two versions of the page.

user_guide:openvpn_bridges [2016/09/26 04:59]
admin [Steps Involved]
user_guide:openvpn_bridges [2020/08/12 13:37] (current)
admin [The Hardware]
Line 1: Line 1:
 ====== OpenVPN Bridges ====== ====== OpenVPN Bridges ======
 +{{ :​user_guide:​apdesk:​openvpn_bridge.png?​nolink |}}
 ===== Introduction ===== ===== Introduction =====
   * We are very exited about a new feature which is now part of  **MESHdesk** as well as **APdesk**.   * We are very exited about a new feature which is now part of  **MESHdesk** as well as **APdesk**.
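Review bot: The image embed added above the Introduction heading, {{ :user_guide:apdesk:openvpn_bridge.png?nolink |}}, leaves the title part after the "|" empty, so the diagram has no caption or alternative text; add a short title that names what it shows (server, bridges, VPN tunnels). While this block is open, "exited" in the first Introduction bullet should be "excited".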
Line 12: Line 13:
  
 ===== Our Setup ===== ===== Our Setup =====
-  * For this document we will have the configure the following setup. +For this document we will configure the following setup. 
-    * One Ubuntu ​14.04 server with two Ethernet cards and one public IP Address.+==== The Hardware ==== 
 +    * One Ubuntu ​18.04 server with two Ethernet cards and one public IP Address.
       * Eth1 will have the Public IP Address (198.27.111.78)       * Eth1 will have the Public IP Address (198.27.111.78)
       * Eth0 will be segmented using VLANs.       * Eth0 will be segmented using VLANs.
-      * We will not need any VLAN capable switches.+      * We will **not** need any VLAN capable switches.
     * Another server (can be the same) running the latest SVN of RADIUSdesk     * Another server (can be the same) running the latest SVN of RADIUSdesk
     * An Access Point with Internet access, running the latest build from SVN of the MESHdesk firmware.     * An Access Point with Internet access, running the latest build from SVN of the MESHdesk firmware.
 +
 +<WRAP center round info 90%>
 +== Only one Ethernet port? ==
 +  * If your server has only one Ethernet port it is not a train smash!
 +  * We offer an alternative which will use the **dummy** module to mimick a real Ethernet port.
 +</​WRAP>​
 +
 +
 +==== Segmenting Using VLANs ====
 +
   * We will use VLANs configured on Eth0 as follows:   * We will use VLANs configured on Eth0 as follows:
     * VLAN 101 will have Address range 10.101.0.0/​16.     * VLAN 101 will have Address range 10.101.0.0/​16.
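Review bot: The only change on the server bullet is the version string, 14.04 to 18.04, and that needs a matching check of the setup steps. The "Prepare the hardware and OS" steps that this same revision moves off the page edit /etc/network/interfaces and verify with ifconfig and brctl, while Ubuntu 18.04 server configures networking through netplan by default. Confirm the linked prep page was updated for 18.04, or say here that ifupdown is required. In the new info box, "mimick" should be "mimic", and the dummy-module alternative is announced without a link to where it is described. The hardware bullets also keep their old four- and six-space indent although their parent bullet became a plain paragraph, so the list now starts at a nested level.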
Line 27: Line 39:
     * br0.102 are bridged with eth0.102.     * br0.102 are bridged with eth0.102.
     * br0.103 are bridged with eth0.103.     * br0.103 are bridged with eth0.103.
 +
 +==== The VPNs ====
 +
   * The other side of the bridge is a VPN tunnel. ​   * The other side of the bridge is a VPN tunnel. ​
     * We will create three instances of OpenVPN in server mode.     * We will create three instances of OpenVPN in server mode.
     * Each of these instances will be bound to a common IP Address (198.27.111.78) but it will have a unique port to ensure uniqueness.     * Each of these instances will be bound to a common IP Address (198.27.111.78) but it will have a unique port to ensure uniqueness.
 +
 +==== The Captive Portals ====
 +
     * Each of the bridges will have a Coova Chilli captive portal running. ​     * Each of the bridges will have a Coova Chilli captive portal running. ​
       * The IP Address range of each of these Coova Chilli instances will be such that it can provide enough IP Addresses but also in such a manner that the OpenVPN server will be able to provide up to 100 Clients with IP Addresses and the RADIUSdesk server should provide another 100 Clients with IP Addresses without a conflict.       * The IP Address range of each of these Coova Chilli instances will be such that it can provide enough IP Addresses but also in such a manner that the OpenVPN server will be able to provide up to 100 Clients with IP Addresses and the RADIUSdesk server should provide another 100 Clients with IP Addresses without a conflict.
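Review bot: The new "The Captive Portals" heading is dropped into the middle of a nested list: the bullet "Each of the bridges will have a Coova Chilli captive portal running." stays at the four-space level of its old parent, "The other side of the bridge is a VPN tunnel.", which now sits under "The VPNs". Promote it to a first-level bullet and its address-range child to the second level. In "The VPNs", the three server instances are said to share 198.27.111.78 on unique ports, but neither the ports nor the protocol are named; listing them here would let a reader restrict the firewall on the public interface to exactly those three listeners. The address-range bullet would also be easier to follow if it gave the actual split between the OpenVPN and RADIUSdesk pools instead of describing it in one long sentence.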
Line 37: Line 55:
  
  ===== Steps Involved =====  ===== Steps Involved =====
-  * Prepare the hardware and OS +  * [[user_guide:​openvpn_bridges_prep_os|Prepare the hardware and OS]] 
-  * Install and configure OpenVPN +  * [[user_guide:​openvpn_bridges_prep_openvpn|Install and configure OpenVPN]]  
-  * Install and configure CoovaChilli +  * [[user_guide:​openvpn_bridges_prep_coova|Install and configure CoovaChilli]] 
-  * Configure RADIUSdesk +  * [[user_guide:​openvpn_bridges_prep_radiusdesk|Configure RADIUSdeskMESHdesk ​and APdesk]]
-  * Configure ​MESHdesk +
-  * Configure ​APdesk+
  
-------------------------- 
  
-===== Prepare the hardware and OS ===== +-------------------------
- +
-  * In order for us to run VLANs on the server we need to install the VLAN module +
-<code bash> +
-#Install the VLAN package +
-sudo apt-get update +
-sudo apt-get install vlan +
-#​Permanently load the module during boot time +
-sudo su -c 'echo "​8021q"​ >> /​etc/​modules'​ +
-#Reboot the server +
-sudo reboot +
-#Confirm that it is loaded +
-lsmod  | grep 8021q +
-</​code>​ +
-  * In order for us be be able to use the bridging capabilities on the server, we need to install the bridge utilities. +
-<code bash> +
-#Install the bridge-utils package +
-sudo apt-get update +
-sudo apt-get install bridge-utils +
-</​code>​ +
-  * Edit the **/​etc/​network/​interfaces** file to contain the following configuration. +
-<code bash> +
-#Remember also to configure eth1 to contain the public IP Address... +
- +
-auto eth0.101 +
-iface eth0.101 inet manual +
-        up ip link set $IFACE up promisc on +
- +
-auto br0.101 +
-iface br0.101 inet static +
-        address 10.101.0.1 +
-        netmask 255.255.0.0 +
-        bridge_ports eth0.101 +
- +
-auto eth0.102 +
-iface eth0.102 inet manual +
-        up ip link set $IFACE up promisc on +
- +
-auto br0.102 +
-iface br0.102 inet static +
-        address 10.102.0.1 +
-        netmask 255.255.0.0 +
-        bridge_ports eth0.102 +
- +
-auto eth0.103 +
-iface eth0.103 inet manual +
-        up ip link set $IFACE up promisc on +
- +
-auto br0.103 +
-iface br0.103 inet static +
-        address 10.103.0.1 +
-        netmask 255.255.0.0 +
-        bridge_ports eth0.103 +
-</​code>​+
  
-   * Reboot the server and confirm that it came up with these bridges configured. 
-<code bash> 
-#Issue the ifconfig command to confirm the br0.101, br0.102 and br0.103 are up and has the correct IP Address. 
-#Also use the brctl command to show you the bridges present 
-system@rd:​~$ brctl show 
-bridge name bridge id STP enabled interfaces 
-br0.101 8000.000c294aafdf no eth0.101 
-br0.102 8000.000c294aafdf no eth0.102 
-br0.103 8000.000c294aafdf no eth0.103 
  
-</​code>​
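Review bot: Before this removal is accepted, confirm that user_guide:openvpn_bridges_prep_os carries everything deleted from the "Prepare the hardware and OS" section, in particular the two verification steps (lsmod | grep 8021q and brctl show) and the reminder to configure eth1 with the public IP address, since this page no longer shows any of it. The deleted interface stanzas bring each eth0.10x up with "promisc on"; the destination page should keep a sentence on why the bridge members need it so readers do not copy it to eth1. In the added link list, the last label reads "Configure RADIUSdeskMESHdesk and APdesk" as shown here: the three old bullets were merged without a separator, and it should read "Configure RADIUSdesk, MESHdesk and APdesk".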